Cloudera Docs

Configuring User Access to CML

This topic describes how to grant users/groups access to an environment so that they can provision and/or list ML workspaces within that environment. The same users will also be granted Single Sign-on (SSO) access to the workspaces. In addition, if a user needs to provision, upgrade, or delete an ML workspace, they also need the account-level EnvironmentAdmin role assigned. For more information, see Understanding account roles and resource roles.

Required Role: PowerUser

There are two CDP user roles associated with the CML service: MLAdmin and MLUser. A CDP PowerUser will need to assign these roles to users who require access to the CML service within an environment.
  • MLAdmin - This role grants a CDP user/group the ability to create and delete Cloudera Machine Learning workspaces within a given CDP environment. MLAdmins will also have Site Administrator level access to all the workspaces provisioned within this environment. That is, they can run workloads, monitor, and manage all user activity on these workspaces.
  • MLUser - This role grants a CDP user/group the ability to list Cloudera Machine Learning workspaces provisioned within a given CDP environment. MLUsers will also be able to run workloads on all the workspaces provisioned within this environment.

For instructions, see Granting CDP Users Access to Cloudera Machine Learning Service.